It's Tuesday morning and you need that fresh cup of piping hot joe to wake you up. Instead of coffee, why not watch this point-of-view video of the Fury 325 at the Carowinds amusement park? What's so special, you ask? It is a 95 MPH roller coaster with a 325 foot drop.

Enjoy and welcome to Tuesday

3 secrets to success at work and in life

General | Edward Kiledjian | Mon, 30 Mar 2015 09:45:00 +0000 | http://kiledjian.com/main/2015/3/30/3-secrets-to-success-at-work-and-in-life

Success means different things to different people, but what would you say if I said the roadmap to success is always the same?

Success is not final, failure is not fatal: it is the courage to continue that counts.

— Winston Churchill

Some people are entrepreneurs, some people are intrapreneurs and some people are perfectly happy in a corporate position. So how can the roadmap to success be the same for all 3? It can and it is.

Believe in yourself

Believe you can and you’re halfway there.

— Theodore Roosevelt

You have to believe that you can. That:

you can succeed

you can overcome

you can execute

you can deliver

you can learn

you can be

You have to believe that you have everything you need to succeed. It doesn't mean you have perfect knowledge but it does mean you know how to learn the skills you need. It doesn't mean you won't experience obstacles but that you will overcome them. It doesn't mean that you won't have doubts but that you will plough through and become what you are destined to become.

Motivational coaches spend as much as 90% of their time convincing their customers to believe. It is singlehandedly one of the most powerful tools available to anyone. Belief in yourself is not only the foundation to your professional life but the foundation of your personal life.

I believe that if life gives you lemons, you should make lemonade... And try to find somebody whose life has given them vodka, and have a party.

— Ron White, comedian

Perseverance

Perseverance is the hard work you do after you get tired of doing the hard work you already did.

— Newt Gingrich

Your life is a combination of long marathons and short overwhelming sprints. To succeed you have to be a multi-talented "athlete". You have to remember that sometimes after a long, long marathon (which can be extremely tiring), you may need to perform a last minute sprint to win the game. Many people get to the end of the marathon and just give up when they realize there is a sprint (not realizing that there is a measly 5% left to win).

Perseverance is the ability to keep going even when things are "hard" and have "been hard" for a while. It is important to go into the race (personal or professional) with the belief that regardless of what life throws at you, you can and will persevere.

Perseverance, secret of all triumphs.

— Victor Hugo

Perception

Depending on your job, you may see the world as black or white. Accountants are a perfect example, they often see the world as black (losing money) or white (making money). A proven successful leader will say business isn't black or white but different shades of grey.

This means that nothing in life is inherently [all] good or bad.

The difference between average people and achieving people is their perception of and response to failure.

— John C. Maxwell

Perception is shaped by our beliefs, our upbringing and our socialization. It is the tint with which you see the world. 2 people can experience the same situation and perceive it differently.

As an example, let's say the person you absolutely love decides to leave you. You can perceive it as the worst thing that has ever happened to you, shut down and destroy yourself. Or you can say he/she probably wasn't the right person for you and now that they are gone, there is room for the right person to come into your life. These are 2 very different outcomes to the exact same situation coloured by your personal perception of the situation.

We are confronted by these types of judgement calls every day. How will you react? Successful people perceive situations positively while negative people perceive them as dark.

There is no truth. There is only perception.

— Gustave Flaubert

Conclusion

The above 3 points are simple to explain and simple to understand, yet difficult to master. Print them. Read them. Live them.

You are special. You have the power to be everything you have ever wanted. Believe, Persevere and Perceive.

When I first heard about the Google Chromebook, I couldn't understand why anybody would buy a computer that only "ran a browser". Sure you could buy one for $300-500 but then again, you can pick up a "cheap" Windows-based laptop for about the same price.

Notes from my day job

My day job is being the Chief Information Security Officer (CISO) of a large multinational manufacturer. When our employees travel to high risk locations, they are equipped with a special laptop with a hardened image and they are instructed to only load the bare minimum amount of information needed during this trip. We ask that everything else be kept on our company servers.

Why do we do this? Because the risk of having your equipment hacked is higher in some countries. Add to that the fact that most countries can ask you to log into your computer so that it can be "inspected" at the border.

Chromebook is the safest travel computer

So the Google Chromebook is designed to run a special operating system called the ChromeOS. It is basically a thin Linux operating system on which Google runs a customized version of their famous Chrome browser.

Because the entire system is the Chrome browser, you can't "install" typical applications. Sure this can be a pain but it is also one of the features that makes the Chromebook so secure. Even clicking on a malicious email or browsing a malicious website can't stealthily install malware. ChromeOS supports Flash but a malicious Flash attack using advertising networks can't infect your Chromebook. ChromeOS also doesn't run Java so you're safe from all of those attacks.

You can install a malicious Chrome extension or one that is made malicious later through an update but you should only be installing extensions from trusted brand name developers.

So obviously Chrome is extremely difficult to hack which makes it a better option for high risk travel. Most Chromebooks come with a small token amount of storage because the entire premise of the Chromebook is that you should store your files in the cloud.

Easy & automatic encryption

Upon initial setup of your Chromebook, Google creates a private encryption key for you using the eCryptfs encrypting file system. This means an unauthorized person cannot see your data even if they rip out the drive.

Boot up secure check

Every time you boot a Chromebook, it runs a Verified boot process to ensure the software hasn't been tampered with. It checks every loaded component as it loads from Kernel to drivers (making sure they are the genuine unmodified Google provided versions).

This means that every time you log into a Chromebook, you can be assured you are logging into a secure login environment. This is much better than any Windows or Mac computer.

Update your system to stay secure

Anytime a vulnerability is discovered, software manufacturers rush to push out updates to their products. Microsoft has automated the process as much as possible but Google's Chromebook once again wins this round.

Google releases updates on an as-needed basis or at least once every 6 weeks. Like the Chrome browser, the Chromebook automatically downloads and installs the update with no user intervention. In the case of the Chromebook though, this process can update everything from the lowest level operating system function to how extensions are handled.

Just to be safe, Chromebook keeps a copy of the last known good version onboard and can quickly boot to it if the unthinkable happens during an update.
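The boot-time check and the last-known-good fallback described above, modelled as an added example that is not code from the original post or from Google. The slot names, component names and key are constructed, and an HMAC stands in for the public-key signature a real device would check.

```python
"""Simplified model: verified boot with fallback to a last-known-good slot."""
import hashlib
import hmac

# Constructed stand-in for key material held in read-only firmware (assumption).
ROOT_KEY = b"constructed-demo-root-key"
# Assumed component names, listed in the order they are loaded.
BOOT_ORDER = ("firmware", "kernel", "drivers")


def _manifest_body(digests):
    """Canonical byte encoding of the digest list, in load order."""
    return "\n".join(f"{name}={digests[name]}" for name in BOOT_ORDER).encode()


def sign_manifest(components, key=ROOT_KEY):
    """Vendor side: hash every component, then authenticate the digest list.

    HMAC stands in for the vendor's public-key signature so the example
    needs only the standard library.
    """
    digests = {n: hashlib.sha256(components[n]).hexdigest() for n in BOOT_ORDER}
    tag = hmac.new(key, _manifest_body(digests), hashlib.sha256).hexdigest()
    return {"digests": digests, "tag": tag}


def verify_slot(slot, key=ROOT_KEY):
    """Device side: return (ok, reason) for one boot slot."""
    digests = slot["manifest"]["digests"]
    if set(digests) != set(BOOT_ORDER):
        return False, "manifest component list mismatch"
    expected = hmac.new(key, _manifest_body(digests), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, slot["manifest"]["tag"]):
        return False, "manifest authentication failed"
    # Manifest is trusted; check each component before it would be loaded.
    for name in BOOT_ORDER:
        actual = hashlib.sha256(slot["components"].get(name, b"")).hexdigest()
        if not hmac.compare_digest(actual, digests[name]):
            return False, f"{name} digest mismatch"
    return True, "verified"


def select_boot_slot(slots, active, last_known_good):
    """Try the active slot, then the last-known-good one.

    Returns (slot name or None, log); None means nothing verified and the
    device should refuse to boot normally.
    """
    log = []
    for name in (active, last_known_good):
        ok, reason = verify_slot(slots[name])
        log.append((name, reason))
        if ok:
            return name, log
    return None, log


def demo_slots():
    """Two constructed slots: A holds the new update, B the previous release."""
    slots = {}
    for name, version in (("A", b"v2"), ("B", b"v1")):
        components = {c: c.encode() + b"-image-" + version for c in BOOT_ORDER}
        slots[name] = {"components": components,
                       "manifest": sign_manifest(components)}
    return slots


if __name__ == "__main__":
    slots = demo_slots()
    print(select_boot_slot(slots, "A", "B"))
    # Tamper with the kernel in the active slot: boot falls back to B.
    slots["A"]["components"]["kernel"] += b"-implant"
    print(select_boot_slot(slots, "A", "B"))
```

Rewriting the stored digest to match a modified component does not help an attacker in this model, because the manifest tag no longer verifies.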

Ultimate privacy

We all know you can enable Incognito mode to browse privately and not leave too many trails. Google's Chromebook has a mode called Guest Mode which is Incognito on steroids. You can log into a Chromebook as a guest (without credentials) and everything you do during the session is ephemeral and wiped at the end of your session.

Reinstallation takes minutes

If things aren't working just right or you want to ensure you are working with a fresh clean version of the operating system then you can enable a feature called PowerWash. PowerWash basically performs a complete factory reset of the device bringing it back to an original out of the box state (within minutes). My Acer C720P can perform a PowerWash and show me a login prompt within 5 minutes.

Why would you want to perform a PowerWash? Because something isn't working and you can't figure out what. Or you just visited a high risk country and even though a Chromebook is fairly secure, you want the additional peace of mind that comes from a fresh cleanly reinstalled operating environment.

The Google security goodness

In addition to everything I wrote above, you get the extra security features Google has built into Chrome which means all transactions with Google are performed over a secure TLS connection.

If anyone tries to spoof a Google certificate to steal your credentials (man-in-the-middle style attack), the browser will notify you and prevent the attack.

You get GMAIL's perfect forward secrecy.

VPN your way to a more secure connection

The best security comes from multiple layers of protection. In addition to everything I mentioned above, you can use a VPN service to tunnel your way out of the badlands into a safer internet.

Google's Chromebook supports 3 types of VPN connections:

L2TP over IPsec with PSK

L2TP over IPsec with certificate-based authentication

OpenVPN

The last one is the safest and should be your preferred option. Not only does establishing a VPN prevent someone from eavesdropping on your "internet discussion", it also means you can access sites that may be forbidden in your destination country (think Facebook from China or HULU from Canada).

Conclusion

Yes the Chromebook is much more limiting than a traditional computer but the truth is many users have migrated from laptops or desktops to tablets. If you can live with a tablet then the Chromebook is a no brainer.

Not only is it more secure but the fact that you have no maintenance to perform is a wonderful feeling. We use a Chromebook as a 3rd or 4th computing device in the house and my wife uses it to show websites to potential clients. It boots in 7 seconds and doesn't slow down with continued use (I'm looking at you Windows).

Over the last 24 months I went from a Chromebook hater to a Chromebook lover. You can even splurge on Google's new and updated Chromebook Pixel. It is a reference design by Google that costs $999 but offers everything you could ever want in a Chromebook. Incredibly responsive keyboard and trackpad. Super high resolution touch screen. 9-12 hours of battery life. Solid metal construction.

When web placement was paid per click or per view, Twitter importance was measured by the number of followers you had. Those days are long gone because modern tech savvy social media users understand that engagement is the ultimate measure.

In some cases, people bought Twitter followers to make themselves look better but there are times when those fake followers are added by bots. Why? Because many people automatically follow back all of their followers and these SPAM accounts get a decent following quickly.

Fakers App

The first tool is an online service called the Fakers App. This app allows you to identify how many fake or empty accounts follow you. Better yet, they can perform this same magic on competitors or service providers trying to sell you on their HUGE social media following.

Authorize the app to connect to your Twitter account. Then let it do its magic.

In my case only 3% of my followers are fake. 46% are inactive, which isn't surprising knowing how most registered Twitter users rarely tweet. You can use the search box to check this info for someone else.

TwitterAudit

TwitterAudit (link) is another interesting tool that takes a 5,000 follower sample from your account and then creates a follower value score by looking at the ratio of followers to following, number of tweets, date of last tweet, etc.

It creates some interesting graphs:

Conclusion

You'll notice that the stats provided by each site aren't perfectly aligned but they are close. The Inactive status of the Fakers App isn't too valuable for me considering most people sign up and spend most of their time on twitter lurking.

Ultimately less than 3% (in both cases) of my followers are fake. What about you?

It has been a good week for iOS device owners. First we were gifted an official Google Calendar app and now Nokia has released its Nokia Here Maps for iOS.

This is one of the Nokia units that was not acquired by Microsoft and it seems they take mapping very seriously. In addition to offering turn by turn navigation, voice guidance, real time traffic alerts and public transit routing, it offers users the ability to download maps locally for over 100 countries. This means you can route even when travelling out of country or going through bad reception areas.

I have been using the android version since its beta release and overall I am very pleased with its performance. It provides much more accurate routing than the built in Apple Maps.

Why not download this little gem and keep it in your toolkit for a rainy day?

Google finally released a calendar app for iPhone today. Even Google's own blog post title says "[...] It's about time". I couldn't agree more.

My early tests show it is based on the (released in November) updated Android app which simplified calendar management (transforming GMAIL events into calendar entries automatically). Like Fantastical, it also has an Assist feature which helps you fill out the various pieces of a calendar entry.

Here is the direct link to the app on iTunes (link); I couldn't find it with the iTunes Search feature.

In addition to bumping up your storage quota to unlimited, they switched the maximum single-file size limit to 10GB (from 2GB). Just when you think you hit the jackpot, you hit an undocumented artificial limit that prevents you from using the all you can eat buffet in the sky.

They limit you to 20,000 files total. This means that most users won't get anywhere near the kinds of storage usage scenarios most of us thought Microsoft would be dealing with. Unfortunately most users aren't aware of this. They will start uploading their photo collection and then all of a sudden their agent will stop uploading files. The agent won't generate any errors. Everything will look perfectly fine but they have reached their limit and the game is over.

What about the competition? Dropbox has a statement on this (link) page that says:

The number of files you can store in your Dropbox is only limited by the amount of online storage space in your Dropbox account[...]Dropbox’s performance may start to decline when you store above 300,000 files

— dropbox help

Although Microsoft's Office 365 + unlimited storage seems enticing, I would still stick with Dropbox for online cloud storage because it just works better in every way (faster upload, faster download, no artificial file limits, clients on every platform that work well, etc).

We have seen claims that the luxury hotel chain has suffered a credit card breach (some outlets are now confirming it).

The last confirmation I received was that the chain is working with its banking partners to investigate the claims. We don't know yet if the breach impacts some or all of its global properties. Unnamed sources say the breach goes back to just before Christmas 2014.

It is too soon to speculate how they were stolen. Some outlets jumped the gun and claimed the chain's main reservation system was breached but it is important to remember that the breach could be on a Point of Sale terminal in the hotel (store, restaurant, etc).

Since the chain is made up of luxury properties, its patrons typically have high value credit cards that could fetch a premium in the credit card sale black market.

If I am made aware of any developments, I will update this post accordingly.

For the record, I have stayed at many of their Asian properties and I love the Mandarin Oriental chain.

LinkedIn has created a unique niche for itself amongst professionals looking to bolster their career. Read my article about The You Brand, and you may start to see opportunities to use LinkedIn as your personal self promotion platform.

Here are some of the elements you could use to improve your overall LinkedIn visibility and credibility.

Update Your Profile

Sounds pretty basic but it deserves a special spot here as the first suggestion. Remember that LinkedIn is where potential employers go to discover who you are. It is often the first opinion a potential partner or employer will have of you.

It is very important to remember:

LinkedIn is not Facebook, please stay professional

Make sure everything in your profile exudes professionalism, from the level of English you use to describe your positions to the picture you upload. You'll notice on my LinkedIn profile that my background (on the very top) is a serene picture of a forest. Choose something that describes you without going overboard.

LinkedIn also allows you to add other content which may be relevant to your future job prospects such as whitepapers, images, presentations, etc.

LinkedIn Profile Tips:

Have a well lit professional looking photo

Have an original (non job title) tagline that describes your capabilities

Have more contacts. Add anybody you have met to LinkedIn. There is something powerful when that 500+ connection number is shown on your profile

When using LinkedIn for intelligence work, turn on anonymous browsing (link) to do it discreetly

LinkedIn is NOT a resume and shouldn't be treated as such. Consider it a living document that describes you.

It is important to update your LinkedIn status at least once a week. Remember to stay professional.

Nurture your network

LinkedIn created the Connected app (link) and describes it as: "Because most opportunities come from the people you already know, and fostering genuine relationships can help you be more successful."

LinkedIn is telling you how important nurturing your network is... Are you listening?

You want to be top of mind within your network. If an opportunity comes up, you want your contacts to think of you. Remember that 70% of jobs aren't posted so your LinkedIn army can help you get hired.

Believe it or not, getting an interview is becoming harder and harder. The last thing you want to do is waste a good opportunity, so here is what you need to know to ace the next interview.

It's an interview not a discussion

Regardless of how casual you think the interview will be, remember that it is not a conversation. Typically it is the roadblock to getting that better job with better pay, more benefits, increased flexibility or a better location. There is a lot riding on your performance and I want to make sure you are prepared. So remember:

An interview is never a conversation, it’s an interview.

Remember that the interviewer has a lot of pressure to find the right candidate in a very short period of time (spending only 30-60 minutes with each candidate). Remembering this already puts you ahead of the game.

Practice, practice, practice

In theory there is no difference between theory and practice. In practice there is

— Yogi Berra

I can't stress this enough. Chance favours the prepared. If you really want this job, you need to practice.

The first step of preparation is knowing your CV inside out:

companies you worked for

dates you worked at each (day, month and year)

what your title was

what you did there

the value you delivered to the organization, clients and shareholders

Once you know the above, you need to practice how you will vocalize it. This means practicing out loud while simulating the work environment. Practice in front of a camera, so you can analyze the words you used, the flow you created and what you were communicating non verbally. It may be tough to truly and honestly analyze yourself with a critical eye, but better to do it now and fix issues before you sit in front of the interviewer.

Examples, examples, examples

A picture is worth a thousand words

— Arthur Brisbane

You should prepare to answer the standard questions of:

why are you leaving your current job

why are you the best candidate

how did you generate value for your last employer

Make sure you prepare clear examples to illustrate your real world reaction to these questions. A question can be asked hundreds of different ways and your formal answer needs to be customized to the question but if you prepare a handful of different examples for different situations, you'll always be able to respond properly.

Find examples for each section (work, school and personal) of your resume that highlight your contribution to a certain activity. Try to find enough examples to illustrate your strengths and leadership skills, and tailor your examples to the company's values.

Remember that often interpersonal skills are more important than technical ones so don't forget to show some examples of how you handled thorny people issues.

Have questions ready?

Assuming you did everything mentioned above, you should have various questions ready to go. A candidate that doesn't have questions is usually a cause for concern to the interviewer potentially showing a lack of preparation or interest.

You may want to know why this position has been advertised 4 times in the last year. Are the candidates leaving?

You may want to know about compensation, job flexibility, etc.

Whatever it is, create a master list and then sort it by audience.

Ask the right question to the right person

Don't ask the HR person about on the ground questions. Those are better suited to the actual boss. By tailoring your questions to the right audience, you will look much more prepared. When meeting HR, ask them all the HR questions. When meeting a manager, ask them all about the "on the ground" questions.

I want to start off this review by clearly stating that I am not a Bose fanboy. I don't automatically recommend all of their products just because they carry the Bose name. I tested 19 headphones for this review.

Noise cancelling headphones are the only options for frequent travellers looking for a small oasis in an otherwise jungle of airports, taxis and urban sprawl. When I recommend a pair of noise cancelling headphones, it is a job I take very seriously. Having said all of this, the Bose QC25 noise cancelling headphones are the best choice for any frequent user of planes, trains or any urban dweller looking to create a little oasis of silence. Let me be clear, these aren't reference headphones that perfectly reproduce music but are good sounding headphones with amazing noise cancellation. This is an important distinction to make sure you are not disappointed.

When I tested noise cancelling headphones, I wanted something that worked well, that was light/comfortable and that can be easily stowed away when not in use.

How does the QC25 compare to the QC15?

The first question I asked the Bose clerk was to enumerate the difference between the new Bose QC25 and the older QC15. After several minutes of verbal diarrhea it became clear he didn't know what he was talking about. For those wondering what the differences are, here you go:

Bose QC15 have been discontinued and quickly sold from the channel

The QC25 can play music even when the noise cancelling mechanism is turned off or when your battery dies

Those are the main differences. If you already own a pair of QC15s, don't even think about upgrading.

What's a lower cost alternative to the QC25?

Many of my readers email me asking for a recommendation cheaper than the Bose. If you want something cheaper (understanding the sound quality won't be as good and the noise quality is also inferior) then look at the Audio-Technica ATH-ANC7b.

I own a pair of these and find that the band is slightly too small for my medium head. I find it just doesn't sit comfortably on my head and it bothers me. But for the price (almost half the price of the Bose), you get a decent bang for your buck.

Disclaimer about noise cancelling headphones

I know a handful of readers that purchased the QC15 and were disappointed because they didn't understand the real usefulness (or lack) of these types of headphones. Noise cancellation headphones work by listening to your environment and then adding a negative sound pattern in your ear to cancel out the external noise. They work very well for continuous low mechanical sounds (like train sounds, airplane engines, air conditioner, fan, etc).

They don't work so well for higher pitch non repetitive sounds like screaming co-workers or crying babies. They will still reduce the intensity of those sounds but buying a $300 pair of headphones can't be justified for them.

If you want good headphones and will occasionally (read rarely) use the noise cancellation functionality then noise cancelling headphones aren't for you. You would be better served with lower cost but higher quality closed-back over-the-ear headphones.

What about in ear noise isolating headphones?

I am a big fan of in-ear noise isolating headphones and my 2 favourite headphones right now are the:

Ultimate Ears Triple-FI 10

Etymotic ER-4 microPro (I love these)

Etymotic hf5

The Etymotic ER-4 microPro offers amazing sound reproduction and fantastic noise isolation (35-42 dB). I find that the noise reduction powers of the ER-4 are better than the Bose but this requires that I jam the earphones deep into my ear canal.

This jamming of the earphones doesn't bother me but many many people I know just can't stand it. For these people the Bose is the better option.

Back to the QC25

I had a chance to compare the QC25 to the older Bose QC15 and the QC20 in ear noise cancelling headphones. The QC25 just sounds cleaner, better and more engaging.

The QC25 is also lighter and more comfortable than the 2 others.

If you are ok shoving an in-ear earphone into your ear canal, the Etymotic ER-4 is another option that has better sound, is smaller and lighter.

In conclusion the QC25 is the best on-ear noise cancelling headphone you can buy.

Non-verbal communication can actually make up 70% of the message you are transmitting. It is much more powerful than verbal communications but much more difficult to control. Having performed hundreds of interviews, I have a list of the biggest non-verbal blunders I have noticed during interviews that I wanted to share with you.

Too much or too little eye contact - Not enough eye contact and it conveys lack of interest or low self confidence. Too much eye contact can be seen as intimidating and frightening in some cases. During one 45 minute interview, the interviewee stared at a spot on my forehead the entire time, blinking very very rarely. It made the entire discussion very awkward. The trick is to stay relaxed and do as you would normally do.

Inappropriate clothing - You should dress for the position you are applying for and the culture of the company. I was interviewing for a director position in a conservative multinational consulting company and the candidate showed up in a 1970's candy blue tuxedo. In another situation an interviewee for an entry level PC field technician job showed up in a $5,000 Armani suit with crocodile skin shoes. How do I know? Because the candidate worked it into the interview conversation to ensure I realized what he was wearing. Do your homework and wear appropriate clothing.

Give me a normal handshake - Your father told you that a handshake quickly defines who you are and he was right. Too weak and it projects insecurity. Too strong and it exudes arrogance. As ridiculous as it may sound, practice your handshake strength with friends and family to find a happy medium.

Don't be tick man/woman - The interviewer knows being interviewed is stressful and we accept that there will be a certain amount of movement because of this (movement often relieves pressure for the interviewee) but there are limits. Be conscious about your body, posture and movements. Don't tap your foot nervously on the floor, table or chair leg. Don't continually click and unclick your pen. Don't twirl your hair. It's good to have a normal amount of arm and hand movements as you are explaining your points but don't let it get out of hand (you are not directing an orchestra). Remember that you want to present yourself as an energetic but in control individual. Practicing your interview in front of a mirror or camera can help.

You are not a statue - On the other end of the spectrum is the emotionless statue. These are people that have a completely blank emotionless presence during the entire interview. I had one of these and he gave off a serial killer vibe that quickly "killed" the opportunity for him. The modus operandi is be calm but engaged. A little emotion is a good thing.

Smell nice not like a perfume department - It is a good idea to pick a nice smell and use it sparingly (cologne, perfume, aftershave, etc). First don't bathe in the smell. A few dabs or spritzes is all you need. Second please choose one smell and go with it. Don't mix different products each with their own smell. There was one interviewee that showed up smelling like an entire department store perfume section. He had used a handful of different smells on him (clearly) from body spray, perfume, deodorant, etc. I know because I asked. Why did I ask? Because the combination was so strong my co-interviewer and I sneezed for about 5 minutes.

Other general recommendations:

Smile sometimes

Don't cross your arms, it shows you as being closed off

A survey of 2,000 hiring managers showed that most thought they could properly judge a candidate within 90 seconds of first seeing them. This shows the power of non-verbal cues. While I would never make a hiring, firing or promotion decision based solely on non-verbal cues, they do play an important role in building an overall picture of the person being evaluated. The key to presenting a positive and welcoming non-verbal aura is consciously acknowledging these points and working on them to "put your best foot forward".

As a security expert, my biggest security risk (in the corporate world) is people. I can buy the best technology and write the most efficient processes but if people get sloppy, everything falls apart.

Security and convenience (simplicity) are on opposing ends of the spectrum. Ultimate security means no convenience and ultimate convenience means no security. Did I mention that only through good security can you get good privacy?

We make decisions about relative importance of security over functionality every day. If you use an Android smartphone and have enabled GoogleNOW, you understand how practical it can be for the Google hivemind to process everything about you and give you the information you need, when you need it, all without having to do anything. Go to the airport and your boarding pass magically shows up on your lock screen or smart watch. Go to a foreign country, get the currency conversion. Go to a new city and see all of the important sights to visit right then and there. We love convenience.

It is this convenience or simplicity that has caused the explosion of everything-must-connect-to-the-internet syndrome. When connecting to the internet meant you had to be a tech expert, buy $3000 of equipment, then setup complicated dialup services, only the brave wanted in. Now that all of the technical underpinnings are hidden, everyone wants to be on the net.

But most users forget that the internet is not magic. There are companies and people working in the background to make all of this possible. None of these people or companies are non-profit charities. Our Internet Service Provider (ISP) sees all of our internet traffic. Our email provider knows who we message, why and how often. Our DNS provider knows what sites we visit and how often. SmugMug or Flickr see all of your photos. If you use a Chromebook (and I own one), you want someone to even manage your endpoint device.

Every Time you interact with an internet connected device, remember that it is logging and tracking almost everything you do. Some companies call it telemetry, usage information, meta-data but know it exists. They use it to improve their product and figure out whats popular and whats not. They want to know when something crashed, why and how. Often sending debug information along with the crash report, which could include personal data.

It is these companies, who have access to this treasure trove of personal and sometimes private information, that we are tasking with the protection of our security and privacy. It is also failures in these companies that can lead to a violation of our privacy. Sometimes these violations are because of lax security controls inside the company. Sometimes these violations are performed by well funded, highly skilled, cyber-spies on behalf of national governments. Sometimes this information is stolen for fun and profit by "bad actors" (organized crime, competitors or the kid next door).

An article in The Intercept (link) talks about a Snowden leak that claims GCHQ and NSA operatives stole the SIM encryption keys from Gemalto. You've never heard of Gemalto but they probably made the SIM card sitting in your cell phone right now. Its motto is "Security to be free".

Once you have the keys, decrypting traffic is trivial

— Christopher Soghoian, the principal technologist for the American Civil Liberties Union

So it is a bad thing. We didn't want to (or wouldn't) implement security ourselves on our devices, so we expect our carrier to do it. They did, using Gemalto, and it is now claimed that the keys used to protect billions of smartphones have been hacked by national intelligence agencies.

Secure instant messaging is a good example. I use the common tools (because everyone is on them) but when I try to convince people to adopt the more secure Threema, they refuse. They want the security but don't want to create and manage keys, securely exchange keys with the other party, etc. They want someone else to handle everything for them.

In the corporate world we employ expensive highly skilled specialists to manage these security controls because we understand the risks of losing control over our protection mechanisms. We understand the value of what it is we are protecting, but do you?

Every time you give up some privacy in exchange for convenience (or a free service), do it consciously. Ask yourself what’s in it for the other party and is the trade really worth it?

— Edward N Kiledjian

You are your own security's worst enemy.

The long-term solution is:

more stringent government regulation forcing clearer explanations of what data is collected, how, when, by whom and for what purpose.

more intelligent consumers that are aware "nothing is free" and better equipped to make decisions regarding their personal privacy and security.

In the last 30 days, I participated in 2 CIO conferences (Montreal and San Francisco) and interestingly heard similar questions from executives about the security risks and dangers of Internet of Things devices. Are they really that dangerous?

When I talk about Software as a Service, most readers think of the Google computer cloud, Amazon Web Services or Microsoft's Azure cloud platform. What never gets mentioned is the new breed of Attack as a Service providers. As competition in this space heats up, purveyors of these types of "fine" (said sarcastically) services are looking for ways to reduce the price to win customers. Yes, free-market economics is alive and well in the dark underbelly of the internet.

An October 2014 (link) report by Akamai (one of the internet's largest Content Delivery Networks and provider of Website attack protection services) said that they saw a significant increase in the number of UPnP devices being used in amplification attacks.

Amplification means an attacker can start with a very small number of attack origin devices, then use flaws and misconfigured internet connected devices to turn the drop into a tidal wave. 
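To make the amplification idea concrete from the defender's side, this added example (not part of the original post) scans flow records for devices on your own network that answer outside hosts on UDP services often abused as reflectors (SSDP/UPnP, DNS, NTP) and reports how much larger the replies are than the requests. The flow records, the 192.168.1.0/24 home network and the threshold of 5 are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# UDP services often abused as reflectors; port 1900 is SSDP, which UPnP uses.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP/UPnP"}
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home network

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("203.0.113.50", 41000, "192.168.1.20", 1900, "udp", 120),   # small request from outside
    ("192.168.1.20", 1900, "203.0.113.50", 41000, "udp", 3600),  # large reply leaving the LAN
    ("203.0.113.50", 41001, "192.168.1.20", 1900, "udp", 120),
    ("192.168.1.20", 1900, "203.0.113.50", 41001, "udp", 3700),
    ("192.168.1.30", 53000, "198.51.100.53", 53, "udp", 70),     # normal outbound DNS lookup
    ("198.51.100.53", 53, "192.168.1.30", 53000, "udp", 400),
    ("192.168.1.30", 50000, "192.168.1.40", 1900, "udp", 130),   # LAN-only UPnP discovery
    ("192.168.1.40", 1900, "192.168.1.30", 50000, "udp", 900),
]

def is_local(ip):
    return ipaddress.ip_address(ip) in LAN

def find_reflectors(flows, min_factor=5.0):
    """Return local devices that answer external hosts on reflector-prone UDP ports."""
    stats = defaultdict(lambda: [0, 0])  # (device, port, remote) -> [bytes_in, bytes_out]
    for src, sport, dst, dport, proto, size in flows:
        if proto != "udp":
            continue
        if dport in REFLECTOR_PORTS and is_local(dst) and not is_local(src):
            stats[(dst, dport, src)][0] += size   # request reaching our device
        elif sport in REFLECTOR_PORTS and is_local(src) and not is_local(dst):
            stats[(src, sport, dst)][1] += size   # reply sent out to the internet
    findings = []
    for (device, port, remote), (b_in, b_out) in sorted(stats.items()):
        # Replies with no captured request count as unbounded amplification.
        factor = b_out / b_in if b_in else float("inf")
        if b_out and factor >= min_factor:
            findings.append({"device": device, "service": REFLECTOR_PORTS[port],
                             "target": remote, "bytes_in": b_in, "bytes_out": b_out,
                             "amplification": round(factor, 1)})
    return findings

if __name__ == "__main__":
    for finding in find_reflectors(SAMPLE_FLOWS):
        print(finding)
```

A device that shows up here should have UPnP/SSDP disabled or be blocked from receiving that traffic from the internet at the router.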

The Open Resolver Project has collected a list of 28 million internet connected devices that can be used for amplification attacks (link).

Remember that not so long ago (Christmas Eve and Christmas Day), a group known as the Lizard Squad "took down" the PlayStation and Xbox online services through a DDoS attack using thousands of compromised home internet routers.

As companies rush to cash in on the connect-everything-to-the-internet craze, many are cutting corners on security in order to rush products to market or save money on development costs. These are the same companies that don't update their products when major flaws are discovered in the open source tools they use, which means known vulnerabilities sit waiting to be exploited for the life of that device.

Clearly we have a problem with IoT devices already connected to the internet, and eventually it will have to be fixed somehow or we will see bigger and more devastating DDoS attacks. I'm not sure how these will get fixed but it may come down to government regulation (which I hate to even think about).

Going forward, I am hoping the larger players will be able to sway device manufacturers to adopt a more security-conscious approach. Apple is working on HomeKit and Google bought Nest and Dropcam. Maybe if these larger players use security as a differentiator, it may push other manufacturers in the right direction.

The OWASP (link) Internet of Things Top Ten Project is a great start and the site defines its purpose as:

As a security expert, I have very limited IoT technologies in my house. Not because of a lack of desire but out of concern for security. Be careful of what you buy and how you use it. Make sure IoT devices are on a separate network, so that a compromise of those devices won't give an attacker a foothold in your home's internal network.

Ask yourself:

What would be the impact if a bad actor saw or listened in on a private conversation? What if they accessed your home internal network and copied your computer files?

This is a market that will explode in the coming years. We will see IoT embedded in everything from our toaster to our pants. Our shoes will provide step counters, our fridge will say how much we ate and the bathroom will illustrate how much time you lost in there reading a magazine.

Everything we do will watch, measure and report on us. Let's try to make sure all this incredible data isn't used for nefarious purposes. As a consumer, demand secure devices from manufacturers. Vote with your dollars. Email company support departments asking for updates and better protection. It's in all of our hands to make security a priority for these companies.